Tor logo

Tor Project: CC-BY

The Internet Engineering Task Force (IETF) recently approved “.onion” as a “special-use” domain.

This means, in effect, ".onion" will be treated in the same way .local, .localhost, and .example have been dealt with previously — that is, outside the global Domain Name System (DNS). Adding .onion to the Special-Use Domain Names registry will also enable hosts on the Tor network to obtain validated SSL certificates.

The “.onion” domain is used by the Tor network. Tor (the onion router) allows people to improve their privacy and security on the Internet. Tor is also an effective censorship circumvention tool, allowing a wide range of users to access news or messaging sites which are blocked by their internet provider.

The “.onion” domain is used by Tor’s hidden services, which allow site users and site providers to communicate without revealing their location on the Internet. Hidden services are used by bloggers and journalists to protect their identities and those of their sources. Even Facebook runs a hidden service (which we've written about previously).

Formally registering the “.onion” domain ensures that it is reserved for the Tor network, preventing the creation of a conflicting “.onion" top-level domain (TLD) in the Domain Name System (DNS). It also allows certificate authorities to continue to issue certificates with “.onion” names, such as https://facebookcorewwwi.onion/, alongside regular website names, like This means that Tor users can be sure they’re talking not only to the hidden service with the right address, but also with the right certificate.

For those interested in using a hidden service, the DuckDuckGo privacy-preserving search engine at http://duskgytldkxiuqc6.onion/ can be visited by downloading the Tor Browser. It’s the same site as you’ll see at using any 'normal' web browser.

This article is by Tim Wilson-Brown. Tim is a member of EFA's Systems Team and is a volunteer Tor developer. Any opinions in this post are his own.

Comments are closed.